CVE-2019-14453

Published: Aug 3, 2021Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

An issue was discovered in Comelit "App lejos de casa (web)" 2.8.0. It allows privilege escalation via modified domus and logged fields, related to js/bridge.min.js and login.json. For example, an attacker can achieve high privileges (installer or administrator) for the graphical interface via a 1C000000000S value for domus, in conjunction with a zero value for logged.

Affected (1)

Products: Comelitgroup: Away From Home

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Comelitgroup Away From Home	Version 2.8.0

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://www.blogx86.net/2021/07/26/cve-2019-14453/

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.blogx86.net/2021/07/26/cve-2019-14453/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.